You are viewing a plain text version of this content. The canonical link for it is here.

Posted to hdfs-dev@hadoop.apache.org by "narayana b (JIRA)" <ji...@apache.org> on 2013/08/19 06:58:50 UTC

[jira] [Created] (HDFS-5108) hadoop 1.2.1 spengo HTTP web console access issue

narayana b created HDFS-5108:
--------------------------------

             Summary: hadoop 1.2.1 spengo HTTP web console access issue
                 Key: HDFS-5108
                 URL: https://issues.apache.org/jira/browse/HDFS-5108
             Project: Hadoop HDFS
          Issue Type: Bug
         Environment: CentOS 6.3 32 bit, jdk1.6_u45, kerberos5-1.10 server

I replaced latest jce libs from oracle to support sha1-96...
            Reporter: narayana b


Hi Good Morning,

1) i created kerberos DB, realm and able to test properly
   $ kinit
   $ klist

2) i followed this link and configured appropriate

     http://hadoop.apache.org/docs/stable/HttpAuthentication.html
added valid principals, key tab files generated using, signature created

core-site.xml

<!-- HTTP web-consoles Authentication -->
  <property>
    <name>hadoop.http.filter.initializers</name>
    <value>org.apache.hadoop.security.AuthenticationFilterInitializer</value>
  </property>

  <property>
    <name>hadoop.http.authentication.type</name>
    <value>kerberos</value>
  </property>

  <property>
    <name>hadoop.http.authentication.token.validity</name>
    <value>36000</value>
  </property>

  <property>
    <name>hadoop.http.authentication.signature.secret.file</name>
    <value>/opt/software/hadoop-1.2.1/conf/security/http-secret-file</value>
  </property>

  <property>
    <name>hadoop.http.authentication.cookie.domain</name>
    <value></value>
  </property>

  <property>
    <name>hadoop.http.authentication.simple.anonymous.allowed</name>
    <value>false</value>
  </property>

  <property>
    <name>hadoop.http.authentication.kerberos.principal</name>
    <value>HTTP/localhost@NARAYANA.LOCAL</value>
  </property>

  <property>
    <name>hadoop.http.authentication.kerberos.keytab</name>
    <value>/opt/software/hadoop-1.2.1/conf/security/mergedKT.keytab</value>
  </property>
</configuration>

3)I have tested kerberos spengo http to namenode, jobnode on single     
    cluster environment but failed to access web consoles
   On browser : http://localhost:50070 

   Result: browser  on browser401 error

4) curl -v -u hadoopA --negotiate http://localhost:50070 - works well



--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira